Indistinguishability of Random Systems

Ueli Maurer

An (X,Y)-random system takes inputs X_1, X_2, ... in X and generates, for
each new input X_i, an output Y_i in Y, depending probabilistically on
X_1,...,X_i and Y_1,...,Y_{i-1}. Many cryptographic systems like block
ciphers, MAC-schemes, pseudo-random functions, etc., can be modeled as
random systems, where in fact Y_i often depends only on X_i, i.e., the
system is stateless. The security proof of such a system (e.g. a block
cipher) amounts to showing that it is indistinguishable from a certain
perfect system (e.g. a random permutation).

We propose a general framework for proving the indistinguishability of two
random systems, based on the concept of the equivalence of two systems,
conditioned on certain events. This abstraction demonstrates the common
denominator among many security proofs in the literature, allows to unify,
simplify, generalize, and in some cases strengthen them, and opens the door
to proving new indistinguishability results.

We also propose the previously implicit concept of quasi-randomness and
give an efficient construction of a quasi-random function which can be used
as a building block in cryptographic systems based on pseudorandom
functions.